4 all of IT-mediated communication and acti taking place is offen referred 0 as “Cyber space”. Cyber space cand spatially located. It is made up of intangible objects, such as your website th social networks, email account personal information and —repy.'% Cyberspace can be thought of as a global electronic village with instant Mt communication and no geographical bar 6 Concept of Cyber Space The virtual space in which The Proliferation of IT and the Need for Regulation of Cyber Space The proliferation of ‘IT’ has resulted in a concomitant proliferation of comp, crime and other forms of unauthorized access to computers, computer syste Gnd computer data, The protection of the integrity of all types and fon lawfully created computers, computer systems, and computer data is vital tg protection of the privacy of individuals as well as to the well-being of financg institutions, business concerns, governmental agencies, and others that lawfyy utilize those computers, computer systems, and data’, The laws governing iy physical world are, however, inept at governing transactions in cyber spag where the subject matter often is an intangible object such as one’s email « Facebook account or website or virtual currency or personal information. Th regulation of the cyber space, thus, requires specialised laws. CYBER CRIMES Cybercrime encompasses any crime involving a computer system or network, where such system or network is (i) A Victim of Crime Where the computer system or its network is the target of the offence, For example: theft, physical sabotage, violation of intellectual propery rights, destruction of information, efc. (ii) A Tool of Crime Where a computer system or network is being used as an instrument t commit crime. For example: illegal transactions online, credit car frauds, etc. (iii) A Repository of Evidence Related to the Crime Where the computer can help obtain information, which, assists it investigation and prosecution of the crime, cf te L. ‘Cyber space’ is referred to as a mere virtual space where computer-mediated communication. ake place but which may not be spatially located, Prof. Andreas Zimmermann, University of Potsdatt ance auional Lav’ and Cyber Space, Vol 3, Issue 1, European Society of Intemationl Law ‘Available at: http://www esil-sedi.eu/node/481 Accessed on: 20 August, 2014. | 2, Than global electronic village” was coined by Marshall McLuhan in his books ‘The Get" Gay: The Making of Typographic Man’ (1962) and "Understanding Media (1961) Fi 43, Section 502, California Penal Code: Unauthorized Access to Computers, Computer Systems Computer Data. @ scanned with OKEN Scanner‘17’ has made life easier, It has also made crime easier. ‘IT’ obliterates the need for actual physical contact to commit a crime. Crime may be committed anywhere from any Place through the internet. Another problem is that of anonymity. Cybercriminals can maintain anonymity with ease. It requires highly sophisticated equipment and a specialised skill set to identify anonymous cyber criminals. Cyber criminals face low entry barriers due to the low cost of IT, and the ease with which the commission of cybercrimes can be learnt. For example, malware toolkits are now casily available, JT” has also given birth to new kinds of criminal activity. Criminals use ‘IT’ to commit both tradition I crimes (embezzlement, cheating, theft, efc.) and new age crimes (denial of service attacks, computer hacking and data theft, efc.). The involvement of the computer is not limited to the basic computer crimes only but itis also widely used in a broad range of other crimes such as organised crimes, white collar crimes, drug trafficking, frauds, forgeries, kidnappings, extortion, cabling, software piracy etc. Yet another problem for legislation is the moral ambiguity of some of the crimes or bad behaviour. Many a time, the criminals (and also the victims) are not even aware that they are committing a crime. Email spamming, identity theft with no financial implications and cyber stalking are examples of such kind of behaviour. Misuse of ‘IT” has given rise to various risks to individuals, organisations and governments alike: (i) Financial Risks: through credit card fraud, phishing and salami attacks. (i) Risk to Information: through hacking. i) Individual Risk: through net extortion, online defamation, cyber stalking, identity theft and cyber bullying. (iv) IPR Violations: software piracy, cybersquatting, copyright and trademark infringement. (v) Risk to Computers/ Computer Systems, efc.: through denial of service attacks, viruses and e-mail spamming. (vi) Rise in Online Illegal Activity: sale of illegal items like drugs, online gambling and pornography. (vii) Risk to Government: through cyber terrorism, cyber warfare, cyber spying and hacking of government websites. CYBER Laws J Limitations of Traditional Law and Need for a Separate Law for Cyber Crime Traditional laws pose several constraints in dealing with cyber-crimes: (@® Jurisdictional Issues: Cyberspace has no geographic boundaries. A cybercrime may be committed by a person in any other country or it may be committed using a computer system or network located in @ scanned with OKEN ScannerMw) ; N gece another country. While the Indian Penal Code, Se ae for bot territorial and extra-territorial isd ; i A Sritorig jurisdiction is limited to offences committed by i ne ae This Teaves ambiguity in the applicability of the penal aaa ih he Fences that may be committed by foreign nationals over ser a Be ay their impact is felt in India, This ‘transnational ea yl : al also requires greater international cooperation. Investiga ion " me in other countries and arrest of cybercriminals of other nationa ities wif] require established extradition treaties and special permissions, ii) Inapplicability of Conventional Definition : | eyhettsack involve intangible objects. This creates problems where .V" conventional definitions of crimes are involved. For instance, the «__ definition of tyespass’ requires actual phys al entry for convietion*, ~ Consittictive entry upon the property is not within the meaning of this x Section, In the case of cyber trespass, or hacking, where there is no * actual entry into the physical territory where the computer is located, this definition would fail. Similarly, the offence of theft’ is made out When there exists an intent to remove from possession. Therefore, for data to be stolen, it would have to be removed from the Possession of the owner. If the offender were to simply copy the data onto a pen drive without erasing or modifying the original data in any way, then it may Not constitute ‘theft’ under the traditional definition of the term. ) Creation of New Crimes: C Most crimes jn » 4. Section 4, Indian Penal Code, 1860, Extension of Code to Ea ‘din India wherever it may be." Criminal Trespass Whoever enters into or upon property aflence oo mide, Heeh BOPEY inthe possession of tothe wih ie 0 commit an Ste prapenyPEtSO in possession of such properts, on having son only remains there wither thers “criminal trespass. a" Rash Behari Chaerjee v. Fagu Shaw & 1960 Cal 189; Krishna Deo Gaur: Publishing, 2009, at Page 743, Section 378. Indian Penal Code, 1860. Theft “Whoever, intending 1 take dishonesty any movab without that person’ s consent, move rer Inert Out ofthe possession o tog thee + moves that Bropeny in order ta suoh ek tse arn See Sections 43 (e), 43 (f) and ‘66F (1AM), IT Act, 2000. @ scanned with OKEN ScannerEe law. Similarly, the IT Act elevates the offence of denial of access and introducing computer viruses with the intent of striking terror in a section of people to the status of ‘cyber-terrorism’ and provides for significant punishment for the same, Under section 66F of the IT Act, the provision relating to eyber-terrorism, is worded similar to Section 3 of the Prevention of Terrorism Act, 2002”, ‘ Issues with Gathering Evidences The intan and cybercrime makes: traditional inadequate. The ‘scene of crime’ in cyberspace is completely virtual and so is the object of the crime (data/ information). Additionally, this type of evidence ean be modified very easly, For example, a crininal may set up a program which erases all evidence from the computer if it s accessed by someone other than himself. In this case, mere access to the computer may erase the evidence. Therefore specific rules are required for extraction of evidence and maintaining its’ authenticity. (¥) Anonymity of Netizens: A cybercriminal can easily guard his identity. A cybercriminal can use fake identities or create identity clones, for example. This makes gathering of evidence difficult. (vi) Monitoring of Crime: The sheer volume of information involved and being processed every second makes monitoring and tracking of crime very difficult. Countries like United States of America, including India, have put in place extensive internet surveillance programmes to deal with this issue. However, such programmes can also be extremely invasive in the personal lives of individuals, raising questions regarding the protection of privacy. For example, India’s Central Monitoring System (CMS), described as the Indian version of America’s PRISM, is a mass electronic surveillance data mining program which will give India’s security agencies and income tax officials centralized access to India’s telecommunications network and the ability to listen in on and record mobile, landline and satellite calls and’ voice over Internet Protocol (VoIP), read private emails, SMS and MMS, and track the geographical location of individuals, all in real time. It can also be used to monitor posts shared on social media such as Facebook, LinkedIn and Twitter, and to track users’ search histories on Google, without any gible nature of cyberspace I methods of gathering evidence 9. Section 3. Prevention of Terrorism Act, 2002 Punishment for Terrorist Acts: “() Whoever, — : ” (a) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people does any act or thing by using bombs, dynamite or other explosive substances or inflammable substances or firearms or other lethal weapons or poisons or noxious gases or other chemicals or by any other substances (whether biological or otherwise) of a hazardous nature or by any other means whatsoever, in such a manner as to cause, or likely to cause, death of, or injuries to any person.or persons oF loss of, or damage to, or destruction of, Property or disruption of any supplies or services essential tothe life ofthe community = damage or destruction of any property or equipment used or intended to be used forthe defense of India or in connection with any other purposes of the Government of India, any Sate Governmént or any of their agencies, or detains any person and threatens to kill or injure such person ino tocompel the Government or any other person to do or abstain from doing any act." @ scanned with OKEN Scanneroversight by courts or Parliament. The intercepted data may be Subject to pattern recognition and other automated tests to detect emotional markers, such as hate, compassion or intent, and different forms of dissent. Telecom operators in India are obligated by law to give access to their networks to every legal enforcement agency. One of the primary concerns raised by experts is the sheer lack of public information on the project. There is no official word from the vernment about how government bodies or agencies will use this information; what percentage of population will be under surveillance; etc. There is also no legal recourse for a citizen whose personal details are being misused or leaked from the central or regional database, Unlike America’s PRISM project under which surveillance orders are approved by courts, CMS does not have any judicial oversight'’. There is thus need for extensive legislation on surveillance, (vii) Evidentiary value of Electronic Information: The extensive use of ‘IT’ for communication and documentation raised a new question on the admissibility of electronic evidence. If a person was being stalked online, can copies of e-mails or screenshots of chat room messages by the stalker be admissible as evidence? The pre-amendmended Indian Evidence Act, 1872 recognised only two types of evidence!!- documentary evidence (i.e., paper based evidence) and oral evidence (testimonials of witnesses). (viii) Validity of Online Transai Traditional law does not deal with the validity of e-contracts, digital Signatures, e-commerce, etc, For example, is a contract entered into through e-mails legally valid? Can it be enforced in a court of law? Thus, the need was felt to promulgate specialised |; following: laws to provide for the “(i) Setting clear standards of behavior for the use of computer devices; (ii) Deterring perpetrators and protecting citizens; (iti) Enabling law enforcement investigations wh privacy; (iv) Providing fair and effective criminal justice Procedures; (v) Requiring minimum protection standards in areas such as q, handling and retention; and ‘ata ile Protecting individual 10. Critique of CMS by Dr Anja Kovacs, Project Director at Intemet Democ NGO working for online feedom of speech and related issues, Se Tndia's Conrad ns G8 System: Security can't come at cost of privacy, Available at: htpifech, firstpost.comi or" analifingia-central-moitoring-ystem-securty-cant-come-at-costof privacy 21036 he ‘Accessed on 23 August, 2014, 11. Section 3, Indian Evidence Act, 1872 12, Draft Report tiled, Comprhensive Study on Cybererine, United Nations Ocean Devs a Crime, February 2013, at Page 52. : sacy Project, Delhi bao @ scanned with OKEN Scanner(vi) Enabling cooperation between countries in criminal matters involving cybercrime and electronic evidence.” EVOLUTION OF CYBER Law Early Cyber Laws: The Computer Misuse Act, 1990 of Great Britain In the case of R v. Gold & Schifreen'® the defendants had gained unauthorised access to a computer network. The defendants were charged under the Forgery and Counterfeiting Act, 1981 for ‘defrauding’ by manufacturing a. ‘false instrument’. It was held by the House of Lords that: “We have accordingly come to the conclusion that the language of the Act was not intended to apply to the situation which was shown to exist in this case. ... The Procrustean attempt to force these facts into the language of an Act not designed to fit them produced grave difficulties for both judge and jury which we would not wish to see repeated. The appellants’ conduct amounted in essence, as already stated, to dishonestly gaining access to the relevant Prestel data bank by a trick. That is not a criminal offence. If it is thought desirable to make it so, that is a matter for the legislature rather than the courts.” This judgment brought the possibilities of cyber-crime and the inadequacy of existing laws to deal with them to the notice of the legislature of Great Britain. It led to the enactment of the Computer Misuse Act, 1990. This was among the first | cyber laws to be enacted. It recognised the following offences: | (i) Unauthorised access to computer material", (ii) Unauthorised access with intent to commit or facilitate commission of further offences’>. (iii) Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc."®. @ scanned with OKEN Scanner